Weekly Summary

SPOTLIGHT, VULNERABILITY CHAT & PRIVACY HEADLINES
Seize

100 domains seized following 120-page court order.

14 October 2024
BREACHAWARE HQ

A total of 22 breaches were found and analysed resulting in 13,158,059 leaked accounts containing a total of 22 different data types. The breaches found publicly and freely available included Kleinanzeigen, Boutiqaat, Nexo, Netherlands FOREX Consumer Leads and DigiDirect. Sign in to view the full BreachAware Breach Index which includes, where available, reference articles relating to each breach.

SPOTLIGHT

Last week, something very unusual happened: the U.S. government authorised Microsoft to seize over 100 domains under the pretext that they were being used to undermine the democratic processes of Western nations, including the U.S. and UK. These domains aren't what you'd typically expect. They include law-related, design-related, and security-related domains. According to the 120-page court order, “There is good cause to believe that John Doe 1-2 operates a sophisticated Russian-based cybercriminal operation known as ‘Star Blizzard.’” Interestingly, the site owners are not named as defendants and were unaware they could even be sued. No evidence has been provided; the domains were simply seized because they might have had some past connection to Russia. You can read more about it at https://www.courthousenews.com/msft-star-blizzard-order/

Meanwhile, everyone is talking about the Internet Archive, one of the last golden pillars of the internet. Until recently, it had avoided being exploited, sold off to faceless corporations, or regulated by uninformed politicians. However, as of now, their domain archive.org displays a "temporarily offline" message. There’s little solid information on what’s happening. The Internet Archive has been capturing snapshots of the web since 1996, amassing 99 petabytes of data or 890 billion web pages. Recently, the Archive has faced a rough few months, including a major lawsuit over copyright infringement. The result may see them forced to pay $621 million in damages to large publishing companies for lending digital books. They’ve also been hit with several DDoS attacks, starting in May of this year.

More recently, they experienced an intense DDoS attack, which was followed by the site being defaced with this message: “Have you ever felt like the Internet Archive runs on sticks and is constantly on the verge of a catastrophic security breach? It just happened. See 31 million of you on HIBP!” The site is now offline. This has sparked global outrage. Threat actors, security researchers, and everyday users are up in arms. Over the years, the Archive has made a lot of enemies by complying with GDPR requests, though many corporations, governments, and intelligence agencies would like to see certain things erased from the web permanently. A group called SN_BlackMet has claimed responsibility for the attack.

However, it doesn’t quite add up. Any activist group with the capability to take down such a large site would likely understand its importance. Also, HIBP doesn’t attribute the database breach to anyone. One thing is certain: threat actors usually seek recognition. They could have sold the stolen data on the dark web for a significant amount of money, so it seems likely that the data breach and the DDoS attacks are unrelated.

VULNERABILITY CHAT

GitLab users are being alerted to a critical security vulnerability affecting versions of GitLab Enterprise Edition (EE) prior to 17.4.2, 17.3.5, and 17.2.9. If left unpatched, this flaw allows for continuous integration (CI) pipeline triggers that could enable remote code execution. Attackers could exploit the vulnerability to run CI/CD pipelines on branches of their choice.

Threat actors are also actively exploiting a now-patched vulnerability in Veeam Backup & Replication software to deploy Akira and Fog ransomware. Security researcher Florian Hauser, from Germany-based CODE WHITE, is credited with identifying and reporting the flaw. In one attack leading to Fog ransomware deployment, the attackers targeted an unprotected Hyper-V server, using the rclone utility to exfiltrate data before deploying the ransomware.

In another incident, a security vulnerability in Ecovacs' system has exposed the company’s robot vacuum cleaners to remote attacks. The flaw, located in the devices' Bluetooth interface, allows attackers to control the robots remotely, gaining access to their cameras and microphones. This poses a serious privacy risk, as attackers could potentially use the devices as covert surveillance tools.

Information security leaders are also being urged to ensure that employees using the Firefox browser have installed the latest update. Mozilla has identified a critical zero-day vulnerability that is being actively exploited. This flaw could allow attackers to run malicious code if users visit compromised websites.

New details have emerged about multiple security vulnerabilities in two implementations of the Manufacturing Message Specification (MMS) protocol. These flaws, if exploited, could have severe consequences in industrial environments. Claroty's analysis found that Siemens SIPROTEC 5 IED uses an outdated version of SISCO’s MMS-EASE stack, which is susceptible to a denial-of-service (DoS) attack through specially crafted packets.

HashiCorp has disclosed a critical vulnerability in its Vault secret management platform. The flaw could allow attackers with elevated privileges to escalate their access to the root policy, potentially compromising the entire Vault instance.

The Bitcoin network is also facing a significant but discreet threat. Around 13% of the nodes maintaining the blockchain are vulnerable to a critical flaw identified in May 2023. This flaw could cause nodes to crash and persists in those that have not yet updated to the latest version of Bitcoin Core software.

BlackBerry has published research revealing the extent of software supply chain vulnerabilities affecting the UK public sector. The findings show that operating systems (38%) and web browsers (17%) are responsible for the greatest risks. Public sector IT leaders report high levels of impact from these attacks, including financial losses (71%), data breaches (67%), reputational damage (67%), operational disruptions (50%), and intellectual property loss (38%).

Finally, a joint advisory from the UK’s National Cyber Security Centre (NCSC) and U.S. agencies warns that SVR cyber operations, known for the SolarWinds attack and targeting COVID-19 vaccine research, are now focusing on unpatched software vulnerabilities across various sectors. The SVR, also known as APT29 or Cozy Bear, has a proven ability to exploit known vulnerabilities that organisations have failed to address.

Six Common Vulnerabilities and Exposures (CVEs) were added to the Cybersecurity & Infrastructure Security Agency's (CISA) 'Known Exploited Vulnerabilities Catalog' last week, including Qualcomm (Multiple Chipsets). See the full catalog here: https://www.cisa.gov/known-exploited-vulnerabilities-catalog

NIST's National Vulnerability Database (NVD), the U.S. government repository of standards-based vulnerability management data represented using the Security Content Automation Protocol (SCAP), published 1,433 vulnerabilities last week, bringing the 2024 total to 30,252. For more information visit https://nvd.nist.gov/vuln/search/

INFORMATION PRIVACY HEADLINES

New corporate filings suggest that ByteDance is anticipating more fines from European privacy regulators in the future. The company has set aside $1 billion to cover these potential fines. This provision was revealed in corporate accounts for TikTok’s European operations, filed this week with the United Kingdom’s Companies House. The filings also showed a significant surge in TikTok’s European revenues, which rose to $4.57 billion last year, up from $2.6 billion in 2022.

Meanwhile, Smart TVs are increasingly being used to track viewers and harvest their data for advertisers, employing the same invasive ad technologies that undermine privacy on the internet. A report by the Center for Digital Democracy (CDD), titled "How TV Watches Us: Commercial Surveillance in the Streaming Era," details how Smart TVs have become part of an extensive commercial surveillance system.

In a separate development, the European Commission has confirmed that the U.S. is complying with a key privacy framework necessary to protect Europeans' data when it is transferred overseas. In its report, the Commission praised U.S. authorities for establishing the structures and procedures required to ensure the framework’s effectiveness, particularly highlighting the creation of a U.S. oversight authority.

At the WSIA Annual Marketplace in San Diego, a panel hosted by AM Best discussed the evolving cyber insurance landscape, emphasising a shift toward longer-tail claims. Deuayne Crawford, head of wholesale cyber and technology underwriting at AXA XL, noted emerging risks related to unauthorised data collection, particularly the use of pixel technology without proper disclosure or consent, which raises significant privacy and regulatory concerns. He also pointed out growing issues surrounding artificial intelligence (AI), including intellectual property infringement and privacy violations.

Allianz Commercial has warned in its annual cyber risk outlook that cyber claims have continued to rise over the past year, largely driven by an increase in data and privacy breaches. According to the insurer’s analysis, the frequency of large cyber claims (over €1 million) in the first half of 2024 rose by 14 percent, while the severity of claims increased by 17 percent, following a smaller increase of just 1 percent in 2023.


DATA CATEGORIES DISCOVERED

Socio-Demographic Data, Contact Data, Technical Data, Financial Data, Transactional Data, Communications Data, Special Category.
